Monday, July 23, 2018

Follow the PACKET!!!


In the last blog we discussed how a frame is processed at layer 2 from the ingress switch port to the egress switch port. In this blog let us look at layer 3, i.e. a packet being processed by a layer 3 or multilayer switch. Look at the number of steps a layer 3 switch has to go through to process a frame and then imagine the speed of the box :)

The path a layer 3 packet follows through a multilayer switch is similar to that of a layer 2 switch. Each packet is pulled off an ingress queue and inspected for both its layer 2 and its layer 3 destination address. The decision to forward the packet is based on two address tables.



Layer 2 forwarding table (CAM):
The frame's destination MAC address is used as an index or key into the CAM table (content addressable memory). If the frame contains a layer 3 packet to be forwarded, the destination MAC address is that of a layer 3 port of the switch. In this case, the CAM table result is used only to decide that the frame should be processed at layer 3.

L3 forwarding table (FIB):
The FIB, also known as the forwarding information base, is consulted using the destination IP address as an index. The longest match in the table is found and the resulting next-hop layer 3 address is obtained. The FIB also contains each next-hop entry's layer 2 MAC address and the egress switch port (and VLAN ID), so that further lookups are not necessary.

Always remember that irrespective of the routing protocol, administrative distance or metric, the longest match is preferred in routing. For example, if a switch is learning 10.1.1.0/25 from EIGRP and 10.1.1.0/24 from a static route, the EIGRP route is preferred over the static one, as it is the most exact/longest match, i.e. /25.

Ternary content addressable memory (TCAM):
  * Security ACLs - ACLs can be used to identify frames according to their MAC address, protocol, IP address and layer 4 port numbers. TCAMs carry ACLs in compiled form so that the decision on whether to forward a frame can be made in a single table lookup.

  * QoS ACLs - Other ACLs which are used to classify incoming frames according to quality of service parameters, to control the rate of traffic flows and to mark QoS parameters in outbound frames.

 
As with layer 2 switching, the packet finally must be placed in the appropriate egress queue on the appropriate egress switch port. The layer 3 lookup identified the next hop and found its layer 2 address. The next-hop layer 2 address must be put into the frame in place of the original destination MAC address. The frame's layer 2 source address also must be changed to that of the multilayer switch (L3 packet rewrite). Because the contents of the packet and frame have changed, the checksum is recalculated.
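The whole layer 3 path described above, as an added example that is not part of the original post: a frame addressed to the switch's own layer 3 MAC is handed to the FIB, the longest prefix wins (so the /25 beats the /24 for an address inside it, whichever protocol installed each), the adjacency stored with the prefix supplies the next-hop MAC and egress port, and the packet rewrite replaces both MAC addresses, decrements the TTL and recomputes the IPv4 header checksum. The switch MAC, FIB contents, addresses and port names are all constructed for the example.

```python
import ipaddress
import struct

# Constructed example, not the blog's own code: MAC of the switch's layer 3
# interface on the ingress VLAN. A frame addressed to it is a candidate for
# layer 3 processing; anything else would simply be bridged at layer 2.
SWITCH_L3_MAC = "00:11:22:33:44:55"

# Constructed FIB. Each prefix already carries its adjacency (next-hop IP,
# next-hop MAC, egress port) so the lookup needs no second table.
FIB = {
    "0.0.0.0/0":   ("192.0.2.1", "00:aa:bb:cc:dd:01", "Gi1/0/1"),
    "10.1.1.0/24": ("192.0.2.2", "00:aa:bb:cc:dd:02", "Gi1/0/2"),  # static
    "10.1.1.0/25": ("192.0.2.3", "00:aa:bb:cc:dd:03", "Gi1/0/3"),  # EIGRP
}


def fib_lookup(dst_ip):
    """Longest-prefix match: the most specific prefix containing dst_ip wins,
    regardless of which routing source installed it."""
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, adjacency in FIB.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, adjacency)
    return best  # (network, (next_hop_ip, next_hop_mac, egress_port)) or None


def ipv4_checksum(header):
    """RFC 791 header checksum: one's-complement sum of 16-bit words.
    Over a header whose checksum field is already correct it returns 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, ttl, proto=17, payload_len=0):
    """Minimal 20-byte IPv4 header with a valid checksum (sample input only)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                      ttl, proto, 0,
                      ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def l3_forward(frame):
    """frame: {"dst_mac": str, "src_mac": str, "ip_header": bytes}.
    Returns the switch's decision and, when forwarding, the rewritten header."""
    # Step 1: the CAM result only says "this frame is for my L3 interface".
    if frame["dst_mac"].lower() != SWITCH_L3_MAC:
        return {"action": "bridge"}
    hdr = frame["ip_header"]
    if len(hdr) < 20 or hdr[0] >> 4 != 4:
        return {"action": "drop", "reason": "not IPv4"}
    ihl = (hdr[0] & 0x0F) * 4
    if len(hdr) < ihl or ipv4_checksum(bytes(hdr[:ihl])) != 0:
        return {"action": "drop", "reason": "bad header checksum"}
    ttl = hdr[8]
    if ttl <= 1:
        return {"action": "drop", "reason": "ttl expired"}
    # Step 2: FIB longest match gives the next hop, its MAC and the egress port.
    net, (nh_ip, nh_mac, port) = fib_lookup(str(ipaddress.ip_address(hdr[16:20])))
    # Step 3: L3 packet rewrite - new destination/source MAC, TTL decremented,
    # header checksum recomputed because the header contents changed.
    new_hdr = bytearray(hdr)
    new_hdr[8] = ttl - 1
    new_hdr[10:12] = b"\x00\x00"
    new_hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(new_hdr[:ihl])))
    return {"action": "forward", "egress_port": port, "matched_prefix": str(net),
            "next_hop": nh_ip, "dst_mac": nh_mac, "src_mac": SWITCH_L3_MAC,
            "ip_header": bytes(new_hdr)}
```

Feeding a packet for 10.1.1.10 through `l3_forward` selects the /25 entry and egress port Gi1/0/3, while 10.1.1.200 (outside the /25) falls through to the /24; a TTL of 1 is dropped before any rewrite, and a frame whose destination MAC is not the switch's own never reaches the FIB at all.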



Sunday, July 22, 2018

Follow the FRAME!!!


As frames arrive on switch ports, the source MAC addresses are learned and recorded in the CAM table, along with the port of arrival, the VLAN, and a timestamp. If a MAC address learned on one port has moved to another port, the MAC address and timestamp are recorded for the most recent port, and the previous entry is deleted.


When a frame arrives at a switch port, it is placed into one of the port's ingress queues. Each queue contains frames to be forwarded, with each queue having a different priority and service level. Loss of critical data can be avoided by fine tuning the switch port so that the important frames get processed and forwarded first. As ingress queues are serviced and a frame is pulled off, the switch must figure out not only where to forward the frame, but also whether it should be forwarded and how.




Layer 2 forwarding table (CAM):
The frame's destination MAC address is used as an index or key into the CAM table (content addressable memory). The CAM table has three fields: MAC address, egress port and VLAN. If the address is found, the egress switch port and the appropriate VLAN ID are read from the table.

Ternary content addressable memory (TCAM):
  * Security ACLs - ACLs can be used to identify frames according to their MAC address, protocol, IP address and layer 4 port numbers. TCAMs carry ACLs in compiled form so that the decision on whether to forward a frame can be made in a single table lookup.

  * QoS ACLs - Other ACLs which are used to classify incoming frames according to quality of service parameters, to control the rate of traffic flows and to mark QoS parameters in outbound frames.
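What "compiled form" means for the TCAM sections of both this post and the layer 3 post, as an added example that is not part of the original posts: every ACL line becomes a (value, mask) pair per field, where a mask bit of 1 means "must match" and 0 means "don't care", so one key built from the packet's fields is compared against every entry and the first hit decides. The same matching engine serves a security ACL (permit/deny) and a QoS ACL (a DSCP value to mark), and the helper for port ranges shows why an unaligned range costs more than one entry. The ACL contents, addresses and port numbers are constructed for the example.

```python
import ipaddress

# Constructed example, not the blog's or any vendor's code. A TCAM entry is a
# (value, mask) pair per field; the hardware compares the key against all
# entries at once, and walking the list in order gives the same first-match
# result. Key field order everywhere below: src_ip, dst_ip, ip_proto, dst_port.


def ip_key(cidr):
    """Compile a prefix such as 10.0.0.0/8 into (value, mask) over 32 bits."""
    net = ipaddress.ip_network(cidr, strict=False)
    return int(net.network_address), int(net.netmask)


def exact(value, bits):
    """Field must equal value: every bit of the mask is set."""
    return value, (1 << bits) - 1


def any_(bits):
    """Field is a don't-care: mask of all zeros (bits kept for readability)."""
    return 0, 0


def port_range_key(lo, hi):
    """A port range fits in ONE ternary entry only when it is a power-of-two
    span starting on a multiple of that span; anything else must be expanded
    into several entries by the compiler, so this helper refuses it."""
    span = hi - lo + 1
    if span & (span - 1) or lo % span:
        raise ValueError("range %d-%d needs more than one TCAM entry" % (lo, hi))
    return lo, 0xFFFF & ~(span - 1)


# Security ACL in compiled form. Order matters: the first matching entry wins,
# which is why the quarantine deny sits above the broader web permit.
SECURITY_TCAM = [
    (("deny", "quarantine"), (ip_key("192.168.100.0/24"), ip_key("10.0.0.0/8"), any_(8), any_(16))),
    (("permit", "web"),      (any_(32), ip_key("10.0.0.0/8"), exact(6, 8), exact(443, 16))),
    (("permit", "dns"),      (any_(32), any_(32), exact(17, 8), exact(53, 16))),
    (("deny", "implicit"),   (any_(32), any_(32), any_(8), any_(16))),
]

# QoS ACL using the same engine; the result is the DSCP value to mark.
# UDP 16384-32767 is one entry (value 0x4000, mask 0xC000).
QOS_TCAM = [
    (("mark", 46), (any_(32), any_(32), exact(17, 8), port_range_key(16384, 32767))),
    (("mark", 0),  (any_(32), any_(32), any_(8), any_(16))),
]


def ternary_match(key, pattern):
    """True when every field of the key equals the entry under its mask."""
    return all((k & mask) == (val & mask) for k, (val, mask) in zip(key, pattern))


def tcam_lookup(table, src_ip, dst_ip, proto, dst_port):
    """Single lookup: build the key from the packet fields and return the
    result of the first matching entry (None only without a catch-all)."""
    key = (int(ipaddress.ip_address(src_ip)), int(ipaddress.ip_address(dst_ip)),
           proto, dst_port)
    for result, pattern in table:
        if ternary_match(key, pattern):
            return result
    return None
```

Run against `SECURITY_TCAM`, a host in 192.168.100.0/24 talking to 10.x on TCP 443 hits the quarantine deny even though the web permit below it would also match, which is the ordering mistake a reviewer checks for when ACL lines are added; `QOS_TCAM` marks UDP traffic in the RTP range with DSCP 46 and everything else with 0.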


In the next blog let's follow a packet :)

Switching Basics


It took a year and a half to start writing again!! Time just flies :)

I will follow the OSI reference model and start with the data link layer (layer 2). What comes to mind when we talk about layer 2? Switches, hubs, bridges, frames etc.

Let us first try to understand what a collision domain and a broadcast domain are.

Collision Domain: Anywhere within a network where a collision can occur. When more than one host tries to talk at the same time a collision occurs and everyone has to back off and wait to talk again. This forces every host to operate in half duplex (either send or receive).

Broadcast Domain: All devices that a broadcast message reaches at the data link layer within a network form a broadcast domain.


Hub : Every port on a hub belongs to the same collision domain and the same broadcast domain.
Bridge : A bridge breaks up the collision domain per port, but all its ports are in the same broadcast domain.
Switch : Each port of a switch is in a different collision domain but the same broadcast domain; if you add another switch, it is also in the same broadcast domain.
Router : Each port belongs to a different collision domain and a different broadcast domain.

A Media Access Control (MAC) address is a 48-bit address that is used for communication between two hosts in an Ethernet environment. A MAC address actually has two parts; the first half is the OUI (Organizationally Unique Identifier), assigned to hardware vendors by the IEEE. The address is written in the form of 12 hexadecimal digits.

                


An Ethernet switch operates at layer 2 of the OSI reference model, making decisions about forwarding frames based on the destination MAC address found within the frame. Each port can operate in full duplex; switches have a per-port collision domain, hence bandwidth is not shared. A switch either has to be told explicitly where hosts are located or must learn that information itself. You can configure MAC addresses statically, but this gets out of control as more hosts are added to the network.

A switch dynamically learns MAC addresses by listening to incoming frames and keeps a table of the information. When a frame is received on a switch port, the switch inspects the source MAC address and adds it to the table if it does not already have an entry. Incoming frames also include the destination MAC address, and the switch looks up an entry for it. If the address is not found in the table, the switch floods the frame to all switch ports assigned to the VLAN. This is known as unknown unicast flooding.
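The learning and forwarding behaviour described here, and the CAM table with port, VLAN and timestamp from the "Follow the FRAME" post, as an added example that is not part of the original posts: a small model of the MAC address table that learns source addresses per VLAN, records a move when a known MAC shows up on a different port, ages out stale entries by timestamp, floods unknown unicast and group addresses to the other ports in the same VLAN, and filters a frame whose destination sits behind the ingress port. Port names, VLAN numbers and MAC addresses are constructed.

```python
class CamTable:
    """Constructed model (not the blog's code) of a switch MAC address table:
    learning, MAC moves, aging and the forward/flood/filter decision."""

    def __init__(self, port_vlans, aging_secs=300):
        self.port_vlans = dict(port_vlans)   # port name -> access VLAN
        self.aging_secs = aging_secs         # idle time before an entry is removed
        self.entries = {}                    # (vlan, mac) -> (port, timestamp)
        self.moves = 0                       # how often a known MAC changed ports

    @staticmethod
    def _norm(mac):
        mac = mac.lower()
        if len(mac.split(":")) != 6:
            raise ValueError("bad MAC " + mac)
        return mac

    @staticmethod
    def is_group(mac):
        # I/G bit: lowest bit of the first octet set means multicast/broadcast.
        return int(mac.split(":")[0], 16) & 1 == 1

    def learn(self, vlan, mac, port, now):
        mac = self._norm(mac)
        old = self.entries.get((vlan, mac))
        if old and old[0] != port:
            self.moves += 1   # station moved: the newest port replaces the old entry
        self.entries[(vlan, mac)] = (port, now)

    def lookup(self, vlan, mac):
        entry = self.entries.get((vlan, self._norm(mac)))
        return entry[0] if entry else None

    def age_out(self, now):
        """Remove entries not refreshed within aging_secs; returns how many."""
        stale = [k for k, (_, ts) in self.entries.items() if now - ts > self.aging_secs]
        for k in stale:
            del self.entries[k]
        return len(stale)

    def forward(self, ingress_port, src_mac, dst_mac, now):
        """Process one frame; returns (decision, list of egress ports)."""
        vlan = self.port_vlans[ingress_port]
        src_mac, dst_mac = self._norm(src_mac), self._norm(dst_mac)
        if self.is_group(src_mac):
            return "drop", []            # a group address is never a valid source
        self.learn(vlan, src_mac, ingress_port, now)
        others = sorted(p for p, v in self.port_vlans.items()
                        if v == vlan and p != ingress_port)
        if self.is_group(dst_mac):
            return "flood", others       # broadcast/multicast: all ports in the VLAN
        port = self.lookup(vlan, dst_mac)
        if port is None:
            return "flood", others       # unknown unicast flooding
        if port == ingress_port:
            return "filter", []          # destination is behind the ingress port
        return "forward", [port]
```

Walking two hosts through `forward` shows the first frame flooded and the reply forwarded to exactly one port once the CAM table has learned both sides; a host that reappears on another port is re-recorded under the new port and counted in `moves`, which is the kind of signal a switch's MAC-move notification or port security would key on, and `age_out` drops entries that have not been refreshed within the aging time.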


Further reading :
https://learningnetwork.cisco.com/docs/DOC-30227